Pages

Monday, April 22, 2013

Review of the Reddit DDoS Attack

As many of you already know the popular social media site, Reddit.com, was under a massive DDoS attack starting Friday night. There's a great review of the attack and how Reddit is mitigating it by techcrunch.com which can be found here.

A few interesting things I found about this attack are that the system admins created a board in Reddit to help explain the attack and outages. In their communications they gave their users an alert that a DDoS was underway against their site and that they were receiving traffic that was "orders of magnitude larger" then normal. I found this honesty via their Reddit boards and twitter feed an excellent way to communicate to their users during an attack.

One of the other area's I found very interesting (since I' recently blogged about DDoS mitigationtechniques) was that even though they were using Akamai as a CDN they were still vulnerable. I can't emphasis this enough, just because you have a CDN in place doesn't give you a bullet proof vest. The CDN has to be routing/caching the traffic back to the origin IP address that it's hosting. If they're not hosting or caching for a domain name they'll have to go back to the origin to find the data. Also, if they want to hit you via an IP address, say at your front-end-router, CDN's have very little if any protection here. Having the ability to route over to a DDoS mitigation vendor via BGP on a slash /24 network is the best bet during an attack. CDN's are an excellent layer, but aren't enough for a skilled or persistent attacker.

Here's part of thread occurring with the system admin "Alienth" and a user about the attack and Akamai.